1.18.0 (2021-05-15)

  • Add support for Django 3.2.

  • Prevent auto-completion of the CA password field in the admin interface.

  • Improve CSR validation when using the admin interface.

  • Check permissions when resigning certificates.

  • Require the change certificate permission when revoking certificates.

  • Preselect profile of original certificate when resigning certificates.

  • Make sure that operators for OrderedSetExtension always return an instance of the implementing class, not of the base class.

  • Certificate bundles now always end with a newline, as normal bundles do.

  • Add setuptools extras for mysql and postgres.

  • Add MySQL support for the Docker image.

Backwards incompatible changes

  • Don’t load configuration from localsettings.py (deprecated since 1.15.0).

  • The x509 property and dump_certificate() where removed from CertificateAuthority and Certificate:

    • To access a string-encoded PEM use obj.pub.pem (was: obj.x509).

    • To update an instance with a certificate use update_certificate() (was: obj.x509 = ...).

    • Use obj.pub.pem or obj.pub.der to get an encoded certificate (was: obj.dump_certificate()).

  • Drop support for Django 3.0.

  • Drop support for cryptography 2.8 and 2.9.

  • Drop support for Celery 4.3 and 4.4.

  • Drop support for idna 2.9.

Python API

  • Store certificates and CSRs as bytes to improve access speed.

Linting and continuous integration

  • Use GitHub Actions instead of Travis.

  • Use pyproject.toml for all tools that support it.

  • Code is now formatted with black.

  • Code is now linted using pylint.

  • Code is now fully type-hinted and type safe according to mypy. This requires the upcoming release of cryptography (current: 3.4).

  • Documentation is now cleaned with doc8.

  • Documentation is now spell-checked using sphinxcontrib.spelling.

Deprecation notices

  • This is the last release to support cryptography 3.0, 3.1 and 3.2.

  • Passing a str or bytes to create_cert() will be removed in django-ca 1.20.0.

  • Passing a str as an algorithm in get_crl(), create_cert() is deprecated and will no longer work in django-ca 1.20.0. Pass a HashAlgorithm instance instead.

  • django_ca.utils.parse_csr() is no longer useful and will be removed in django-ca 1.20.0.

  • Creating an index for running an OCSP responder with openssl-ocsp(1SSL) is deprecated and will be removed in django-ca 1.20.0. The man page explicitly states it “is only useful for test and demonstration purposes”, and we can solidly run our own responders by now.